projects / platform / kernel / linux-stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 62e9f1d)
aio: fix potential leak in aio_run_iocb().
authorLeon Yu <chianglungyu@gmail.com>
Thu, 1 May 2014 03:31:28 +0000 (03:31 +0000)
committerJiri Slaby <jslaby@suse.cz>
Fri, 6 Jun 2014 09:40:23 +0000 (11:40 +0200)
commit 754320d6e166d3a12cb4810a452bde00afbd4e9a upstream.

iovec should be reclaimed whenever caller of rw_copy_check_uvector() returns,
but it doesn't hold when failure happens right after aio_setup_vectored_rw().

Fix that in a such way to avoid hairy goto.

Signed-off-by: Leon Yu <chianglungyu@gmail.com>
Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
fs/aio.c patch | blob | history

diff --git a/fs/aio.c b/fs/aio.c
index 12a3de0ee6dacbdea873ec9ea28bdd88d1ea999d..04cd7686555d3fe9c3c8ee642211630837a4ba0e 100644 (file)
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1299,10 +1299,8 @@ rw_common:
                                                &iovec, compat)
                        : aio_setup_single_vector(req, rw, buf, &nr_segs,
                                                  iovec);
-               if (ret)
-                       return ret;
-
-               ret = rw_verify_area(rw, file, &req->ki_pos, req->ki_nbytes);
+               if (!ret)
+                       ret = rw_verify_area(rw, file, &req->ki_pos, req->ki_nbytes);
                if (ret < 0) {
                        if (iovec != &inline_vec)
                                kfree(iovec);
Domain: System / Kernel;